Renowned computer security expert Ankit Fadia talks about the most common security issues in WFH environments and how to combat them
The recent and unavoidable need to enable employees to work from home has caused a sudden increase in cyber security risks and challenges. Companies must therefore put together a cyber security plan that helps not only identify and avoid cyber threats, but also improves network security, and fortifies the digital work spaces of their employees. In other words, companies must cyber-sanitize their business to stay ahead of hacks and attacks.
HP Inc. organized a webinar for business owners and security experts of Indian SMEs, under its Be Unstoppable series with well-known computer security expert, entrepreneur, and author, Ankit Fadia, with CMR and BizAneKdotes as knowledge partners. Ankit started his session on securing Work from Home (WFH) environments, by asking everyone whether they use Google, MS Windows, free email accounts, etc. and even the Internet. Then, in his signature style, advised everyone to stop using them. That’s because “Every single move you make is being monitored on the Internet”, he said, and further added that search engines keep track of your searching habits and record them in a permanent database. Likewise, when you report a Windows error, then it’s not just the error information that’s sent.
Companies need to be aware that since they can’t issue laptops to all employees, some of them would be using their personal ones at home, which are also shared by other family members. This increases chances of their getting hacked. Similarly, just like everyone is working from home, so are Cyber criminals, and taking advantage of the situation.
5 Common Security Threats in WFH Environments
While there are many security threats, Ankit talked about 5 that have become common in work from home environments:
- Webcam hacks
Video has become a preferred medium of interaction these days. Therefore, hackers can easily trace your IP address and take control of your webcam. Fadia showed a demo where the hacker took control of the victim’s webcam. The victim had no idea that her video was being viewed by someone else. - Hacking personal devices with Trojans and Tools
A lot of people work from home using their personal devices, whether mobile phones or personal laptops. These store all kinds of valuable data. Hackers can implant a Trojan into these devices that can use tools like Net Bus to control your device. The tool gives a lot of control to the hacker, from simple things like displaying embarrassing images or text messages to the victim to running programs of the hacker’s choice to even exiting Windows. - Hackers Know You can no longer walk up to your colleague for a quick chat
Being a WFH environment, employees can’t walk up to anyone to discuss or clarify something. They’re totally dependent on phone calls, emails, and video chats. Fadia gave examples where hackers mis-use this opportunity to send you spoofed emails that claim to be from someone important, like your CEO, asking you to transfer money. Such email and even SMS spoofing has become common now. - Scammers are taking advantage of Pandemic
These days a lot of Covid-19 related emails are going around. Hackers are taking advantage of this by sharing information as a downloadable PDF file or a link to download something. These actually contains a Trojan that gets installed and before you know it, your device is hijacked. - Mobile Phone Hacks
We all know we have personal data on our mobile phones and the chance of it getting hacked is even bigger. Once hackers gain access to your device, they can hack your videos, pictures and location messages. They can control and rule your device remotely.
Protecting your WFH Environment
The best protection against security threats is to always use a combination of technology, processes, and people. Here’s what Fadia recommends:
- Technology
A number of things can be done on the technology front, and not everything is relevant for everyone. Some solutions would be more suitable for slightly larger SMEs. One thing that organizations of all sizes should do is to ensure that all employee systems and applications are patched with the latest updates so that hackers can’t misuse known vulnerabilities. Then define the baseline cyber security requirements for each and every employee, like basic firewall, antivirus, which applications to use and not to use. For slightly bigger SMEs, Ankit recommends using Mobile Device Management (MDM) Solutions to gain better control over them.
Besides system security, Ankit also recommends securing the Internet connection of employees and to give them VPN with encryption for end to end communications. Also look for multi-factor authentication for employees logging into your applications. He summarised by encouraging the use of cloud based services like Office 365 and emphasised on deploying Virtual Media Solutions.
- Processes
Enhancing IT help desk support by deploying remote control tools is another thing to be done. Make sure that you reset all passwords and change passwords with enhanced passwords requirements. He also advised to conduct cyber drills to check whether all systems are WFH proof. - People
Cyber Security Awareness is a must and should be communicated to employees while defining dos and dont’s. Ankit also said to run phishing drills to educate employees on how to differentiate between regular and phishing emails.